DORA and Third Party | A Deep Dive into Third-Party Risk Management

Presenting another insightful conversation with Pierre Noel and Guy Marong about DORA and its relationship with third parties. Noel, with an illustrious career in cybersecurity and extensive experience in DORA risk assessments, guides us through this episode. Here, we delve deeper into the significance of third parties within the framework of DORA. The discussion underscores the varied types of third parties and stresses the necessity of a nuanced strategy for their effective management. From comprehensive risk assessments to handling dependencies on fourth parties, fortify your cybersecurity resilience with invaluable insights from industry veterans.


Unlocking Third-Party Risk Management: Insights for DORA Compliance


The opening moments establish the importance of third-party risk management, particularly in the context of DORA compliance. Pierre and Guy engage in a conversation covering various aspects of third-party risk. Starting with the definition of third parties, they elaborate on the different types the term can encompass. Pierre stresses the need for a thorough and continuous risk assessment process. They highlight the challenges in formulating effective risk assessment questions and emphasize the importance of ensuring that assessments are not just box-ticking exercises.


The discussion extends to contractual considerations, including the inclusion of monitoring provisions and right-to-audit clauses. They also touch upon the complexities of dealing with fourth- and fifth-party risks, as third parties themselves may have their own subcontractors. Furthermore, they emphasize the importance of fostering a collaborative relationship with third parties, including information sharing and joint risk mitigation efforts.


In terms of termination or continuity planning, the conversation underscores the importance of resilience over mere contractual compliance. They caution against abrupt terminations, highlighting the need for a nuanced approach that prioritizes continuity and recovery in the event of an incident. Finally, they suggest the idea of a Chief Resilience Officer role within organizations to oversee all aspects of resilience management comprehensively.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.